Ubuntu introduced a new service which enables live kernel patching on any Ubuntu 16.04 LTS system. This service allows system administrators to address critical security issues and vulnerabilities without rebooting the server.
Kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads.
- Create an Ubuntu One account
- Generate your Livepatch Token
- Install and Enable Canonical Livepatch Service
Step 1 – Create an Ubuntu One account
To take advantage of this new service, you need to create a free Ubuntu One account at https://login.ubuntu.com/. After signing up, verify your account by clicking the link sent to your email address.
Step 2 – Generate your Livepatch Token
After verifying your Ubuntu One account, generate your livepatch token here:
A single token can be used to enable the Canonical Livepatch Service on up to 3 servers. Once your token has been generated, you will see something like this:
Once the token is generated, you can now install and enable the live kernel patch service in your Ubuntu box.
Step 3 – Install and Enable Canonical Livepatch Service
Log in to your Ubuntu server and run the following commands:
sudo snap install canonical-livepatch
sudo canonical-livepatch enable <TOKEN>
Replace <TOKEN> with the token you generated in Step 2.
Verify your kernel’s status using the command below:
sudo canonical-livepatch status --verbose
cpu-model: Intel(R) Xeon(R) CPU E5-2630L v2 @ 2.40GHz
- kernel: 4.4.0-31.50-generic
Voila! Your server is now gonna patch itself once it learns that it has a hole which someone might use to make it bleed trillions of 1’s and 0’s.
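As an added example (not from the original article), here is a small POSIX shell script that parses the output of `canonical-livepatch status --verbose` and checks two things a fleet monitor cares about: that the kernel the Livepatch client reports is the kernel actually running (`uname -r`), and that a patch is in the `applied` state. A host that rebooted into a kernel the client is not tracking, or whose patch state is anything other than applied, is the one that has silently fallen out of coverage. The status text embedded in the script is constructed for offline use: `cpu-model` and `kernel` are the fields shown above; `running`, `checkState` and `patchState` are assumed field names from the client's YAML-style output.

```shell
#!/bin/sh
# Added example: verify that Canonical Livepatch covers the running kernel.
# Parses the YAML-style output of `canonical-livepatch status --verbose`.
# SAMPLE_STATUS is CONSTRUCTED for offline use. "cpu-model" and "kernel"
# are fields shown in the article; "running", "checkState" and "patchState"
# are assumed field names from the real client output.

SAMPLE_STATUS='client-version: "7"
architecture: x86_64
cpu-model: Intel(R) Xeon(R) CPU E5-2630L v2 @ 2.40GHz
status:
- kernel: 4.4.0-31.50-generic
  running: true
  livepatch:
    checkState: checked
    patchState: applied
    version: "15.1"'

# Print the kernel version the Livepatch client reports (first "kernel:" entry).
livepatch_kernel() {
    printf '%s\n' "$1" | sed -n 's/^- kernel: *//p' | head -n 1
}

# Print the patchState value, or "unknown" when the field is absent.
livepatch_patch_state() {
    state=$(printf '%s\n' "$1" | sed -n 's/^ *patchState: *//p' | head -n 1)
    printf '%s\n' "${state:-unknown}"
}

# Return 0 only when the client tracks the kernel in $2 AND a patch is applied.
# Anything else means the host is not currently protected by Livepatch.
livepatch_covers_kernel() {
    status_text=$1
    running_kernel=$2
    [ "$(livepatch_kernel "$status_text")" = "$running_kernel" ] &&
    [ "$(livepatch_patch_state "$status_text")" = "applied" ]
}

main() {
    # On a real host use the live client output and the running kernel;
    # fall back to the constructed sample when the snap is not installed.
    if command -v canonical-livepatch >/dev/null 2>&1; then
        status_text=$(sudo canonical-livepatch status --verbose)
        running_kernel=$(uname -r)
    else
        status_text=$SAMPLE_STATUS
        running_kernel="4.4.0-31.50-generic"
    fi

    if livepatch_covers_kernel "$status_text" "$running_kernel"; then
        echo "OK: livepatch patch applied to running kernel $running_kernel"
    else
        echo "WARNING: livepatch does not cover running kernel $running_kernel" \
             "(reported: $(livepatch_kernel "$status_text")," \
             "patchState: $(livepatch_patch_state "$status_text"))"
    fi
}

main "$@"
```

Run it from cron or your monitoring agent and alert on the WARNING line; the mismatch case is exactly what you see after a kernel upgrade and reboot before the client has checked in for the new kernel.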